andy_1984

Europe Cookie Laws


What is your idea on how osCommerce shopkeepers should handle this?

 

I've been thinking about a less painless way since hearing about it last night.

Removing the need for cookies completely and using sessions instead is one option.

The other (for people who need to use cookies) will need to ask the European users' permission when first accessing the website. Rough example:

This website requires the use of cookies but due to new European law we must ask for your permission to store cookies on your computer. Do you wish to enable cookies? Selecting no will prevent you from using the site properly and may affect your shopping etc etc. (yes / no button here)

Obviously there would need to be a rewrite of the cookie functions to accommodate this permission request but I haven't got that far yet.


The law has been created by a person without any knowledge of web or PC...


Please read this line: Do you want to find all the answers to your questions? click here. As for contribution database it's located here!

8 people out of 10 don't bother to read installation manuals. I can recommend: if you can't read the installation manual, don't bother to install any contribution yourself.

Before installing a contribution or editing/updating/deleting any files, do a full backup; it will save you & everyone here on the forum time fixing your issues.

Any issues with oscommerce, I am here to help you.


As this is now coming into effect, does anyone have any ideas on how to actually deal with this STUPID situation?

 

According to the EU we have only 3 weeks to deal with this! Here in the UK it seems that we might have a 12 month grace period due to the fact that the responsible minister appreciates that we need time to come up with solutions.

 

I have v2.2 RC2a sites so a suitable solution would be appreciated :)

 

Paul.


Cookies for site functionality are fine. Are there any un-needed cookies in your site?

 

http://www.ico.gov.u...es_prepare.aspx (PDF file)

 

Thank you for the quick response.

 

I have d/l and read the PDF. As a 'layman' most of it is gobbledygook to me. I have absolutely no idea what cookies osC uses and, if it does, whether or not they fall foul of this nonsense.

 

I suspect I am not alone in that I managed to sort out a domain and hosting, spent months 'tweaking' osC with add-ons but only because of the instructions that came with them and the help of this forum. 'Coding PHP/HTML' is a foreign art that I do not have. Consequently, adding add-ons is a challenge. As far as understanding cookies - ????.

 

If it is not too much to ask, could someone help me, and others like me, by suggesting what we need to do to comply with this nonsense?


It seems it's more aimed at sites setting 3rd party cookies.

 

In my opinion every cookie set by osCommerce is critical to the function of osCommerce, hence you need do nothing to comply.

 

So a simple statement in Privacy stating that "no 3rd party cookies are used and any cookies created are for the sole purpose of, and essential to, the function of the site" should suffice?

 

If that is the case then I am even more impressed by osC :)


This wonderful line is in your cookie_usage.php (it shows when customers have their browser set not to accept cookies and your store is set to force cookie use)

 

"Cookies must be enabled to purchase online on this store to embrace privacy and security related issues regarding your visit to this site.

 

By enabling cookie support on your browser, the communication between you and this site is strengthened to be certain it is you who are making transactions on your own behalf, and to prevent leakage of your privacy information."

 

osC cookies are not the tracking cookies that the EU are getting concerned about


Currently...:

 

Working with osCommerce 2.3.1

Now working with Phoenix

Add-Ons so far Installed:

Not all of these installed yet on Phoenix - some are and the rest will be

 

Add date and order number to invoice and packing slip,

Products Cycle Slideshow,

Detailed Monthly Sales,

Holiday Settings,

Tracking Module for 2.3


I have just received an email from the ICO office with a link to the PDF that is already listed in this forum. After having read this forum and the email, do I take it that osCommerce does not use cookies apart from those needed to complete a service requested by a customer, i.e. to complete an order and send it?

If that is the case, it looks as if nothing needs to be done. I am not too hot on programming, so don't fully understand what osCommerce does with cookies.


REMEMBER BACKUP, BACKUP AND BACKUP

Get the latest Responsive osCommerce CE (community edition) here

It's very easy to over complicate what are simple things in life


I have just received an email from the ICO office with a link to the PDF that is already listed in this forum. After having read this forum and the email, do I take it that osCommerce does not use cookies apart from those needed to complete a service requested by a customer, i.e. to complete an order and send it?

If that is the case, it looks as if nothing needs to be done. I am not too hot on programming, so don't fully understand what osCommerce does with cookies.

 

We are in the same boat. I also read the document but had trouble making sense of it. From all the comments above I ended up adding the following paragraph to the Privacy page.

On 26 May 2011, the rules about cookies on websites changed. This site uses cookies. One of the cookies we use is essential for parts of the site to operate and has already been set. You may delete and block all cookies from this site, but parts of the site will not work. We do not use 3rd party tracking cookies. For further information look at allaboutcookies.org (http://www.allaboutcookies.org/).


Go to the ICO website and see what they have done on their front page. There is a large box at the top of the page explaining about cookies. It's the first time I have seen something like this.



To be absolutely pedantic for a minute, a cookie is stored to maintain a session and having it stops the need for URLs to have oscsid=aabbccdd112233 in the URL. If you were to say why not do that, I'd say that it is indeed a security risk. Where a site is misconfigured and they maintain this, past the first page click, those links sometimes get posted on Google and clicking on the link can restart a session. That session is then shared with anyone else who clicks on the link. That means the second customer can go to the account details page and see your address and your past orders.

 

However

The session is only needed to store your cart, a non-default language, a non-default currency, so if a customer is just looking around, comparing prices, seeing what you've got to sell, there's really no need to have that information stored so a session doesn't need to be started. Also, that tends to be what web robots and spiders do - they don't need sessions.

 

The trick then becomes, can we start the session when a "Buy Now" button is pressed.

 

The other aspect is Google Analytics. That surely is not necessary to the customer experience but very useful for store owners.

 

The final piece is a $_SERVER variable called $_SERVER['HTTP_DNT'] which is set to 1 in Firefox if the customer has configured "Tell websites I do not want to be tracked". Other browsers don't support it yet, but surely it's only a matter of time.

 

Graith
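
The approach described in the post above (start the session only when a cart action needs it, never carry the session ID in a URL, and skip analytics when `HTTP_DNT` is 1), shown in PHP as an added example that is not part of the original post or of osCommerce. The function names, the `buy_now`/`add_product` action list and the crawler pattern are assumptions; the sample requests are constructed.

```php
<?php
// Added example, not osCommerce code: function names and the action list are assumptions.
const SESSION_NAME = 'oscsid'; // parameter name as written in the post

// Does this request carry state worth storing (cart, language, currency)?
function needs_session(array $get, array $cookie, string $userAgent): bool
{
    if (preg_match('/bot|crawl|spider|slurp/i', $userAgent)) {
        return false;                       // robots and spiders never need a session
    }
    if (isset($cookie[SESSION_NAME])) {
        return true;                        // customer already has a session cookie
    }
    $stateful = ['buy_now', 'add_product']; // assumed "Buy Now" style actions
    return in_array($get['action'] ?? '', $stateful, true)
        || isset($get['language']) || isset($get['currency']);
}

// Analytics is not needed by the customer, so honour the header the post mentions.
function analytics_allowed(array $server): bool
{
    return ($server['HTTP_DNT'] ?? '') !== '1';
}

// Call before any output. Returns true when a session is active afterwards.
function start_session_if_needed(array $get, array $cookie, array $server): bool
{
    if (!needs_session($get, $cookie, $server['HTTP_USER_AGENT'] ?? '')) {
        return false;
    }
    ini_set('session.use_only_cookies', '1'); // ignore an id passed in the URL
    ini_set('session.use_trans_sid', '0');    // never write the id into links
    ini_set('session.use_strict_mode', '1');  // reject ids the server did not issue
    session_name(SESSION_NAME);
    return session_start(['cookie_httponly' => true]);
}

// Constructed sample requests: [label, $_GET, $_COOKIE, $_SERVER]
$samples = [
    ['browsing visitor', [], [], ['HTTP_USER_AGENT' => 'Mozilla/5.0']],
    ['search spider', ['action' => 'buy_now'], [], ['HTTP_USER_AGENT' => 'ExampleBot/1.0']],
    ['presses Buy Now', ['action' => 'buy_now'], [], ['HTTP_USER_AGENT' => 'Mozilla/5.0', 'HTTP_DNT' => '1']],
    ['link with id in URL', [SESSION_NAME => 'aabbccdd112233'], [], ['HTTP_USER_AGENT' => 'Mozilla/5.0']],
];
foreach ($samples as [$label, $get, $cookie, $server]) {
    printf("%-20s session=%-3s analytics=%s\n", $label,
        needs_session($get, $cookie, $server['HTTP_USER_AGENT']) ? 'yes' : 'no',
        analytics_allowed($server) ? 'yes' : 'no');
}
```

The last sample is the shared-link case from the post: an ID that arrives only in the URL starts no session, so a link indexed by a search engine cannot hand one customer's account to the next visitor. The trade-off is that a customer whose browser refuses cookies cannot keep a cart.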


That's an interesting proposition -- to not start a session (by either sessionID or cookie) until it's necessary to pass information between pages. I'm sure that normal session maintenance cookies certainly don't violate the spirit of the law, although who knows if some computer-illiterate bureaucrat or judge would interpret it as violating the letter of the law. If I were in the E.U., I would go ahead and use session cookies, and if someone wanted to prosecute me for it, make a huge public stink about how stupid the law is and the E.U. should simply go out of business!

 

An aside: I wonder how the Dutch feel about limiting cookies? After all, the word descends from a Dutch term for "little cakes" and spread from New Amsterdam (now New York) into American English. I understand that the British still call them "biscuits".


Does that mean they will disallow cookies completely? What would the implications be for forums and sites that use them at the moment?


I believe the main issue is if you have Google Analytics on your eCommerce site, as that uses cookies, and they are 3rd party tracking cookies.

On the bright side, in the UK even the Information Commissioner's Office Website does not technically comply with the cookie law, but you have to wonder how likely it is that having cookies (even google analytics cookies) would result in legal action.

 

Personally, I believe it is arguable that even the Google Analytics cookies are essential to the operation of your website, in order to make it function better for the visitors to it.

 

This is of course merely my personal opinion and not legal advice, but for comparison, has any website owner ever been prosecuted under the disability discrimination act?


This is a well-intentioned law (forbid the invasion of privacy by tracking cookies) implemented in a brain-dead manner. My non-legal advice would be to

  1. Make sure you don't install any add-ons (e.g., Google Analytics) which do add what could reasonably be called tracking cookies.
  2. If you really want to add tracking cookies (where they're legal), look into disabling that feature for EU users (both IP address geo-location and registered user's countries).
  3. Add some highlighted text to the Terms of Service notifying users that you do use session-maintenance cookies, that are deleted when the browser closes (check if that's true...).

If the authorities come after you, raise a public stink about how government sites (e.g., ICO) use illegal tracking cookies, and how they should be prosecuted first! Maybe you can gain fame as the straw that broke the EU camel's back!


OK, well it is now 25 May and this comes into effect tomorrow - has anyone managed to come up with anything definitive on this subject for OSC? Especially the use of Google Analytics?

 

Thanks


Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.


I have just noticed that the ICO website Privacy notice has a useful looking table here : http://www.ico.gov.uk/Global/privacy_statement.aspx as I, like most people, have little understanding of how OSC & Google / Youtube (for embedded videos) etc use cookies and what their names may be, would it be possible for someone who understands this to produce a similar table for use in our privacy statements?

 

Also, an acceptance box on the home page would not be appropriate - as most visitors enter on a product page via google shopping or a search engine / facebook link.



What about external payment gateways (e.g. PayPal, SagePay)? Would I need to include a statement saying that they may set cookies (which is out of our control), or should I leave it to their policy?


App created for phoenix
TinyMCE editor for admin

 


@@burt

 

Thanks Gary, but not really that helpful, I already have the privacy policy - but it is the mechanics of the task, ie.:

 

1) How do I know what cookies my site sets and their names?

2) How do I know if they are "Essential" or not?

3) How do I create an Opt-Out? Maybe a button taking visitors to an opted-out page or back to Google?

 

As you are UK based and are in the EU then would I be right in assuming that you have already accomplished all of the above on your sites? If so would you care to share the info?

 

Thinking about this - is the OSC Forum EU Based? Does it set cookies?

 

Thanks



@@burt

 

Would you also like me to do the washing up ?

 

That's very nice of you - would you please? :shifty:



@@burt

 

OK, had a look at that site - I don't see an opt-out link.

Also, if the customer is registered, is his cart not retained by way of cookies if he returns later to purchase?

Does that site only set one cookie? As asked above, what about payment processors you may use?

 

Thanks



All cookies including externally set cookies.

 

Even if they have to go to PayPal's / SagePay's site to complete the transaction (e.g. they have gone off my website)? As my understanding of it is that it is to do with them and not me, so I would not need to worry about it in my policy.



OK this is how I will address this:

 

1) a small opt-out box on each page, referring to our privacy statement and a "Leave Site Now" button

2) Produce a table in line with the one in the link I posted above

 

So the only information I need to know is: How can I determine what cookies my site sets on a customer's computer?

 

Thanks

